1 A rule-based framework for role-based delegation and revocation
Longhua Zhang, Gail-Joon Ahn, Bel-Tseng Chu 

August 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 3

Full text available: pdf (1.05 MB)

Delegation is the process whereby an active entity in a distributed environment authorizes 
another entity to access resources. In today's distributed systems, a user often needs to act 
on another user's behalf with some subset of his/her rights. Most systems have attempted 
to resolve such delegation requirements with ad-hoc mechanisms by compromising existing 
disorganized policies or simply attaching additional components to their applications. Still, 
there is a strong need in the large, distrib ... 



Keywords: Role, access control, delegation, revocation, rule-based 



2 Authentication in the Taos operating system

Edward Wobber, Martin Abadi, Michael Burrows, Butler Lampson 

February 1994 ACM Transactions on Computer Systems (TOCS), volume 12 issue 1 

Full text available: pdf (1.88 MB)

We describe a design for security in a distributed system and its implementation. In our 
design, applications gain access to security services through a narrow interface. This 
interface provides a notion of identity that includes simple principals, groups, roles, and 
delegations. A new operating system component manages principals, credentials, and 
secure channels. It checks credentials according to the formal rules of a logic of 
authentication. Our implementation is efficient enough to sup ... 

Keywords: cryptography, mathematical logic 



3 RBAC support in object-oriented role databases
Raymond K. Wong 

November 1997 Proceedings of the second ACM workshop on Role-based access control 

Full text available: pdf (1.45 MB)

Keywords: database security, object-oriented role database, role-based access control

4 MULTISAFE— a modular multiprocessing approach to secure database management
Robert P. Trueblood, H. Rex Hartson, Johannes J. Martin 

September 1983 ACM Transactions on Database Systems (TODS), Volume 8 issue 3 
Full text available: pdf (2.00 MB)

This paper describes the configuration and intermodule communication of a MULTImodule
system for supporting Secure Authorization with Full Enforcement (MULTISAFE) for 
database management. A modular architecture is described which provides secure, 
controlled access to shared data in a multiuser environment, with low performance 
penalties, even for complex protection policies. The primary mechanisms are structured and 
verifiable. The entire approach is immediately extendible to distributed pr ... 

Keywords: abstract data types, access control, back-end database, intermodule 
communication, secure database 



5 A model of OASIS role-based access control and its support for active security 
Jean Bacon, Ken Moody, Walt Yao 

November 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4

Full text available: pdf (352.06 KB)

OASIS is a role-based access control architecture for achieving secure interoperation of 
services in an open, distributed environment. The aim of OASIS is to allow autonomous
management domains to specify their own access control policies and to interoperate 
subject to service level agreements (SLAs). Services define roles and implement formally 
specified policy to control role activation and service use; users must present the required 
credentials, in an appropriate context, in order to activat ... 

Keywords: Certificates, OASIS, RBAC, distributed systems, policy, role-based access 
control, service-level agreements 



6 An access control model for video database systems
Elisa Bertino, Moustafa A. Hammad, Walid G. Aref, Ahmed K. Elmagarmid 
November 2000 Proceedings of the ninth international conference on Information and knowledge management

Full text available: pdf (292.78 KB)



7 E-P3P privacy policies and privacy authorization

Paul Ashley, Satoshi Hada, Gunter Karjoth, Matthias Schunter 

November 2002 Proceeding of the ACM workshop on Privacy in the Electronic Society 

Full text available: pdf (146.35 KB)

Enterprises collect large amounts of personal data from their customers. To ease privacy 
concerns, enterprises publish privacy statements that outline how data is used and shared. 
The Platform for Enterprise Privacy Practices (E-P3P) defines a fine-grained privacy policy 
model. A Chief Privacy Officer can use E-P3P to formalize the desired enterprise-internal 
handling of collected data. A particular data user is then allowed to use certain collected 
data for a given purpose if and only if the E- ... 



8 National id card: the next generation: The US/Mexico border crossing card (BCC): a
case study in biometric, machine-readable id
Andrew Schulman 

April 2002 Proceedings of the 12th annual conference on Computers, freedom and privacy

Full text available: html (87.31 KB)



9 A flexible authorization mechanism for relational data management systems
Elisa Bertino, Sushil Jajodia, Pierangela Samarati

April 1999 ACM Transactions on Information Systems (TOIS), volume 17 issue 2 

Full text available: pdf (257.56 KB)

In this article, we present an authorization model that can be used to express a number of
discretionary access control policies for relational data management systems. The model 
permits both positive and negative authorizations and supports exceptions at the same 
time. The model is flexible in that the users can specify, for each authorization they grant, 
whether the authorization can allow for exceptions or whether it must be strongly obeyed. 
It provides authorization management for group ... 

Keywords: access control mechanism, access control policy, authorization, data 
management system, group management support, relational database 



10 E-services: a look behind the curtain 

Richard Hull, Michael Benedikt, Vassilis Christophides, Jianwen Su 
June 2003 Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems

Full text available: pdf (269.51 KB)

The emerging paradigm of electronic services promises to bring to distributed computation 
and services the flexibility that the web has brought to the sharing of documents. An 
understanding of fundamental properties of e-service composition is required in order to 
take full advantage of the paradigm. This paper examines proposals and standards for e- 
services from the perspectives of XML, data management, workflow, and process models. 
Key areas for study are identified, including behavioral servi ... 

11 P-MIP: paging extensions for mobile IP

Xiaowei Zhang, Javier Gomez Castellanos, Andrew T. Campbell 
April 2002 Mobile Networks and Applications, volume 7 issue 2 

Full text available: pdf (272.68 KB)

As the number of Mobile IP users grows, so will the signalling overhead associated with 
Internet mobility management in the core IP network. This presents a significant challenge 
to Mobile IP as the number of mobile devices scale-up. In cellular networks, registration 
and paging techniques are used to minimize the signalling overhead and optimize the 
mobility management performance. Currently, Mobile IP supports registration but not 
paging. In this paper, we argue that Mobile IP should be extend ... 

Keywords: Mobile IP, mobility management, paging 



12 Static analysis techniques for predicting the behavior of active database rules
Alexander Aiken, Joseph M. Hellerstein, Jennifer Widom

March 1995 ACM Transactions on Database Systems (TODS), Volume 20 Issue 1

Full text available: pdf (2.79 MB)

This article gives methods for statically analyzing sets of active database rules to determine 
if the rules are (1) guaranteed to terminate, (2) guaranteed to produce a unique final 
database state, and (3) guaranteed to produce a unique stream of observable actions. If 
the analysis determines that one of these properties is not guaranteed, it isolates the rules 
responsible for the problem and determines criteria that, if satisfied, guarantee the 
property. The analysis methods are presented ... 

Keywords: active database systems, confluence, database rule processing, static analysis, 
termination 



13 ODE (Object Database and Environment): the language and the data model
R. Agrawal, N. H. Gehani 

June 1989 ACM SIGMOD Record, Proceedings of the 1989 ACM SIGMOD international conference on Management of data, Volume 18 Issue 2

Full text available: pdf (1.26 MB)

ODE is a database system and environment based on the object paradigm. It offers one 
integrated data model for both database and general purpose manipulation. The database is 
defined, queried and manipulated in the database programming language O++ which is
based on C++. O++ borrows and extends the object definition facility of C++, called the
class. Classes support data encapsulation and multiple inheritance. We provide facilities for 
creating persistent and versioned objects, defining set ... 

14 A predicate-based caching scheme for client-server database architectures
Arthur M. Keller, Julie Basu 

January 1996 The VLDB Journal — The International Journal on Very Large Data Bases, Volume 5 Issue 1

Full text available: pdf (162.80 KB)

We propose a new client-side data-caching scheme for relational databases with a central 
server and multiple clients. Data are loaded into each client cache based on queries 
executed on the central database at the server. These queries are used to form predicates 
that describe the cache contents. A subsequent query at the client may be satisfied in its 
local cache if we can determine that the query result is entirely contained in the cache. This 
issue is called cache completeness, A separ ... 

Keywords: Cache completeness, Cache currency, Caching, Multiple clients, Relational
databases



15 Logical foundations of object-oriented and frame-based languages
Michael Kifer, Georg Lausen, James Wu
July 1995 Journal of the ACM (JACM), Volume 42 issue 4 

Full text available: pdf (7.52 MB)

We propose a novel formalism, called Frame Logic (abbr., F-logic), that accounts in a clean 
and declarative fashion for most of the structural aspects of object-oriented and frame-based
languages. These features include object identity, complex objects, inheritance,
polymorphic types, query methods, encapsulation, and others. In a sense, F-logic stands in 
the same relationship to the object-oriented paradigm as classical predicate calculus stands 
to relational programming. ... 

Keywords: deductive databases, frame-based languages, logic programming, 
nonmonotonic inheritance, object-oriented programming, proof theory, semantics, typing 



16 Secure and selective dissemination of XML documents
Elisa Bertino, Elena Ferrari 

August 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 3

Full text available: pdf (678.34 KB)

XML (eXtensible Markup Language) has emerged as a prevalent standard for document
representation and exchange on the Web. It is often the case that XML documents contain 
information of different sensitivity degrees that must be selectively shared by (possibly 
large) user communities. There is thus the need for models and mechanisms enabling the 
specification and enforcement of access control policies for XML documents. Mechanisms 
are also required enabling a secure and selective dissemina ... 

Keywords: Access control, XML, secure distribution 



17 System R: relational approach to database management

M. M. Astrahan, M. W. Blasgen, D. D. Chamberlin, K. P. Eswaran, J. N. Gray, P. P. Griffiths, W.
F. King, R. A. Lorie, P. R. McJones, J. W. Mehl, G. R. Putzolu, I. L. Traiger, B. W. Wade, V. 
Watson 

June 1976 ACM Transactions on Database Systems (TODS), Volume 1 Issue 2

Full text available: pdf (3.18 MB)

System R is a database management system which provides a high level relational data 
interface. The system provides a high level of data independence by isolating the end user
as much as possible from underlying storage structures. The system permits definition of a 
variety of relational views on common underlying data. Data control features are provided, 
including authorization, integrity assertions, triggered transactions, a logging and recovery 
subsystem, and facilities for maintaining ... 

Keywords: authorization, data structures, database, index structures, locking, 
nonprocedural language, recovery, relational model 



18 Belief reasoning in MLS deductive databases
Hasan M. Jamil 

June 1999 ACM SIGMOD Record, Proceedings of the 1999 ACM SIGMOD international conference on Management of data, Volume 28 Issue 2

Full text available: pdf (1.56 MB)

It is envisaged that the application of the multilevel security (MLS) scheme will enhance 
flexibility and effectiveness of authorization policies in shared enterprise databases and will 
replace cumbersome authorization enforcement practices through complicated view 
definitions on a per user basis. However, as advances in this area are being made and ideas 
crystallized, the concomitant weaknesses of the MLS databases are also surfacing. We insist 
that the critical problem with the current mo ... 

Keywords: MLS database, belief assertion, deductive databases, inheritance and
overriding, reasoning 



19 Authentication in distributed systems: theory and practice
Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber
November 1992 ACM Transactions on Computer Systems (TOCS), Volume 10 Issue 4

Full text available: pdf (3.37 MB)

We describe a theory of authentication and a system that implements it. Our theory is
based on the notion of principal and a "speaks for" relation between principals. A simple 
principal either has a name or is a communication channel; a compound principal can 
express an adopted role or delegated authority. The theory shows how to reason about a 
principal's authority by deducing the other principals that it can speak for; authenticating a 
channel is one important application. We ... 

Keywords: certification authority, delegation, group, interprocess communication, key 
distribution, loading programs, path name, principal, role, secure channel, speaks for, 
trusted computing base 



20 The Format Model: A Theory of database Organization 
Richard Hull, Chee K. Yap 

June 1984 Journal of the ACM (JACM), Volume 31 issue 3 

Full text available: pdf (1.09 MB)